As Internet commerce grows, some deceptive websites, by setting their website addresses to be very similar to those of other legitimate websites, deceive network users into giving over their personal information through a practice known as phishing.
As used herein, phishing website refers to a website that has a website address name very similar to that of a non-phishing business website address and aims to deceive users into giving over their personal information.
A list of phishing websites refers to a list containing the addresses of already identified phishing websites. The phishing websites in the list may be obtained from users who file complaints regarding various websites that practice phishing. The phishing websites in the list may also be obtained by manually screening for websites that practice phishing. In addition, the phishing websites addresses in the list are those that have already been identified to harm users through their phishing activities.
A list of websites to be protected contains the addresses of websites that need to be protected. Websites to be protected generally include those that are very popular in network transactions or electronic business. As a result, these websites are often the targets of imitation by phishing websites. Taobao, Alibaba, and Alipay are some examples of websites to be protected.
Existing identifying technologies provide for identifying websites that either need to be protected or are already known to be phishing websites by means of querying a database. Particularly, a website that needs to be protected and/or a phishing website may be identified by querying the list of websites to be protected and/or the list of phishing websites. Although already known phishing websites can be identified by using the existing identifying technologies, a defrauder may continue his/her scam by utilizing a new website address that is only a slight variation from the address of a previously identified phishing website. In addition, in existing technologies, the database is usually updated with new addresses of phishing websites only upon receiving a report of a scam or after the occurrence of a scam. In other words, existing identifying technologies are typically incapable of identifying and warning users of potentially harmful websites that have not yet been determined to be phishing websites. In fact, most existing identifying technologies use no more than a precise matching between a website address and an already known phishing website address to determine whether the website is a phishing website. Furthermore, a website is typically identified only when its address is already included in the database containing the list of websites to be protected or the list of addresses of already known phishing websites.